From 02e99277146d8bd912f2f19af1d3e94a6181d90d Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Tue, 13 Dec 2016 22:31:35 +0100
Subject: Initial support for LDAP server authentication

Limitations as of this commit:

- tlsOptions can only be specified in config.json, not as env vars
- authentication failures are not yet gracefully handled by the UI
  - instead the error message is shown on a blank page (/auth/ldap)
- no email address is associated with the LDAP user's account
- no picture/profile URL is associated with the LDAP user's account
- we might have to generate our own access + refresh tokens,
  because we aren't using oauth. The currently generated
  tokens are just a placeholder.
- 'LDAP Sign in' needs to be translated to each locale
---
 public/views/index.ejs             |  5 +++--
 public/views/signin-ldap-modal.ejs | 35 +++++++++++++++++++++++++++++++++++
 public/views/signin-modal.ejs      | 10 ++++++++--
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 public/views/signin-ldap-modal.ejs

(limited to 'public')
diff --git a/public/views/index.ejs b/public/views/index.ejs
index 2bec7de0..baca1417 100644
--- a/public/views/index.ejs
+++ b/public/views/index.ejs
@@ -57,7 +57,7 @@
                         <% if (errorMessage && errorMessage.length > 0) { %>
                         <div class="alert alert-danger" style="max-width: 400px; margin: 0 auto;"><%= errorMessage %></div>
                         <% } %>
-                        <% if(facebook || twitter || github || gitlab || dropbox || google || email) { %>
+                        <% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %>
                         <span class="ui-signin">
                             <br>
                             <a type="button" class="btn btn-lg btn-success ui-signin" data-toggle="modal" data-target=".signin-modal" style="min-width: 170px;"><%= __('Sign In') %></a>
@@ -93,7 +93,7 @@
                 </div>
 
                 <div id="history" class="section"<% if(!signin) { %> style="display:none;"<% } %>>
-                    <% if(facebook || twitter || github || gitlab || dropbox || google || email) { %>
+                    <% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %>
                     <div class="ui-signin">
                         <p><%= __('Below is the history from browser') %></p>
                     </div>
@@ -192,6 +192,7 @@
         </div>
     </div>
     <%- include signin-modal %>
+    <%- include signin-ldap-modal %>
 
     <% if(useCDN) { %>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
diff --git a/public/views/signin-ldap-modal.ejs b/public/views/signin-ldap-modal.ejs
new file mode 100644
index 00000000..6a665f17
--- /dev/null
+++ b/public/views/signin-ldap-modal.ejs
@@ -0,0 +1,35 @@
+<!-- signin ldap modal -->
+<div class="modal fade signin-ldap-modal" tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel" aria-hidden="true">
+    <div class="modal-dialog modal-sm">
+        <div class="modal-content">
+            <div class="modal-header">
+                <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span>
+                </button>
+                <h4 class="modal-title" id="mySmallModalLabel"><%= __('LDAP Sign in') %></h4>
+            </div>
+            <div class="modal-body" style="text-align: center;">
+                <% if(ldap) { %>
+                <form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded">
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <input type="username" class="form-control" name="username" placeholder="Username" required>
+                            <span class="help-block control-label with-errors" style="display: inline;"></span>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <input type="password" class="form-control" name="password" placeholder="Password" required>
+                            <span class="help-block control-label with_errors" style="display: inline;"></span>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/ldap">Sign in</button>
+                        </div>
+                    </div>
+                </form>
+                <% } %>
+            </div>
+        </div>
+    </div>
+</div>
diff --git a/public/views/signin-modal.ejs b/public/views/signin-modal.ejs
index acbad256..ba6c57ff 100644
--- a/public/views/signin-modal.ejs
+++ b/public/views/signin-modal.ejs
@@ -38,7 +38,13 @@
                     <i class="fa fa-google"></i> <%= __('Sign in via %s', 'Google') %>
                 </a>
                 <% } %>
-                <% if((facebook || twitter || github || gitlab || dropbox || google) && email) { %>
+                <% if(ldap) { %>
+                <a type="button" class="btn btn-lg btn-block btn-social btn-reddit "data-toggle="modal" data-target=".signin-ldap-modal">
+                    <i class="fa fa-book"></i> <%= __('Sign in via %s', 'LDAP') %>
+                </a>
+                <% } %>
+
+                <% if((facebook || twitter || github || gitlab || dropbox || google || ldap) && email) { %>
                 <hr>
                 <% }%>
                 <% if(email) { %>
@@ -67,4 +73,4 @@
             </div>
         </div>
     </div>
-</div>
\ No newline at end of file
+</div>
-- 
cgit v1.2.3


From 72a0e90f7d09d8a4e06a2629dcb9404eb37c64a0 Mon Sep 17 00:00:00 2001
From: alecdwm
Date: Wed, 14 Dec 2016 12:42:42 +0100
Subject: LDAP signin form moved to main signin-modal

- previously was a separate modal
- now is located on main modal, like email auth
---
 public/views/index.ejs             |  1 -
 public/views/signin-ldap-modal.ejs | 35 -----------------------------------
 public/views/signin-modal.ejs      | 27 +++++++++++++++++++++++----
 3 files changed, 23 insertions(+), 40 deletions(-)
 delete mode 100644 public/views/signin-ldap-modal.ejs

(limited to 'public')

diff --git a/public/views/index.ejs b/public/views/index.ejs
index baca1417..39674b02 100644
--- a/public/views/index.ejs
+++ b/public/views/index.ejs
@@ -192,7 +192,6 @@
         </div>
     </div>
     <%- include signin-modal %>
-    <%- include signin-ldap-modal %>
 
     <% if(useCDN) { %>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
diff --git a/public/views/signin-ldap-modal.ejs b/public/views/signin-ldap-modal.ejs
deleted file mode 100644
index 6a665f17..00000000
--- a/public/views/signin-ldap-modal.ejs
+++ /dev/null
@@ -1,35 +0,0 @@
-<!-- signin ldap modal -->
-<div class="modal fade signin-ldap-modal" tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel" aria-hidden="true">
-    <div class="modal-dialog modal-sm">
-        <div class="modal-content">
-            <div class="modal-header">
-                <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span>
-                </button>
-                <h4 class="modal-title" id="mySmallModalLabel"><%= __('LDAP Sign in') %></h4>
-            </div>
-            <div class="modal-body" style="text-align: center;">
-                <% if(ldap) { %>
-                <form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded">
-                    <div class="form-group">
-                        <div class="col-sm-12">
-                            <input type="username" class="form-control" name="username" placeholder="Username" required>
-                            <span class="help-block control-label with-errors" style="display: inline;"></span>
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <div class="col-sm-12">
-                            <input type="password" class="form-control" name="password" placeholder="Password" required>
-                            <span class="help-block control-label with_errors" style="display: inline;"></span>
-                        </div>
-                    </div>
-                    <div class="form-group">
-                        <div class="col-sm-12">
-                            <button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/ldap">Sign in</button>
-                        </div>
-                    </div>
-                </form>
-                <% } %>
-            </div>
-        </div>
-    </div>
-</div>
diff --git a/public/views/signin-modal.ejs b/public/views/signin-modal.ejs
index ba6c57ff..e71b09c6 100644
--- a/public/views/signin-modal.ejs
+++ b/public/views/signin-modal.ejs
@@ -38,12 +38,31 @@
                     <i class="fa fa-google"></i> <%= __('Sign in via %s', 'Google') %>
                 </a>
                 <% } %>
+                <% if((facebook || twitter || github || gitlab || dropbox || google) && ldap) { %>
+                <hr>
+                <% }%>
                 <% if(ldap) { %>
-                <a type="button" class="btn btn-lg btn-block btn-social btn-reddit "data-toggle="modal" data-target=".signin-ldap-modal">
-                    <i class="fa fa-book"></i> <%= __('Sign in via %s', 'LDAP') %>
-                </a>
+                <h4>Via LDAP</h4>
+                <form data-toggle="validator" role="form" class="form-horizontal" method="post" enctype="application/x-www-form-urlencoded">
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <input type="username" class="form-control" name="username" placeholder="Username" required>
+                            <span class="help-block control-label with-errors" style="display: inline;"></span>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <input type="password" class="form-control" name="password" placeholder="Password" required>
+                            <span class="help-block control-label with_errors" style="display: inline;"></span>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="col-sm-12">
+                            <button type="submit" class="btn btn-primary" formaction="<%- url %>/auth/ldap">Sign in</button>
+                        </div>
+                    </div>
+                </form>
                 <% } %>
-
                 <% if((facebook || twitter || github || gitlab || dropbox || google || ldap) && email) { %>
                 <hr>
                 <% }%>
-- 
cgit v1.2.3

